class UserController < ApplicationController

  # list users
  def list
      @users = User.find(:all,
                         :conditions => ["user_id != ? and rights != ?", session[:user].user_id, 'ManageAll']);  
  end

  # add user
  def add
     return unless params[:form_submitted];
         
     @user = User.new(params[:user]);
     return unless @user.save();

     flash[:info_msg] = "User added";
     redirect_to(:controller => 'user', :action => 'list');
  end
    
  # edit user
  def edit
      get_user;
      return unless params[:form_submitted];
      return unless @user.update_attributes(params[:user]);
      
      flash[:info_msg] = "User updated";
      redirect_to(:controller => 'user', :action => 'list');
  end

  # show user
  def show
      get_user; 
      @assigned_projects = @user.projects;
  end

  # projects
  def projects
     get_user;
     userProjects = @user.projects;
     @user_projects = Hash.new;
     for user_project in userProjects
         @user_projects[user_project.project_fk] = 1;
     end 
     
     @projects = Project.find(:all);
     
     return unless params[:form_submitted];
     # delete old projects
     UserProject.delete_all(["user_fk = ?",@user.user_id]);
     
     if (params[:projects]) 
       for project_id in params[:projects].keys
           user_project = UserProject.new({ :user_fk => @user.user_id, :project_fk => project_id });
  	 user_project.save();
       end
     end
     flash[:info_msg] = "Projects has been added";
     redirect_to(:controller => 'user', :action => 'show', :id => @user.user_id);
  end

  # my_account
  def my_account
      get_user(session[:user].user_id.to_s);     
      
      return unless params[:form_submitted];
      return unless @user.update_attributes(params[:user]);

      session[:user] = @user; 
      flash[:info_msg] = "You account has been updated";
      redirect_to(:controller => 'user', :action => 'list');
  end

  # login
  def login
      return unless params[:form_submitted];

      logged_in_user = User.login(params[:user]);
      if (logged_in_user) 
          session[:user] = logged_in_user;
	  flash[:info_msg] = "Logged in succesfully";
	  redirect_to(:controller => 'root', :action => 'home');
	  return;
      end
      flash[:error_msg] = "Invalid username or password";
      redirect_to(:controller => 'user', :action => 'login');
  end

  # logout
  def logout
      return unless session[:user];

      session[:user] = nil;
      flash[:info_msg] = "Succefully logged out";
      redirect_to(:controller => 'user', :action => 'login');
  end

  protected
  def get_user(user_id = nil)
    user_id = params[:id] unless user_id;
    unless (user_id) 
          flash[:error_msg] = "No user provided";
	  redirect_to(:action => 'list');
	  return;
      end
      unless (user_id =~ /^\d+$/) 
          flash[:error_msg] = "Invalid user id";
	  redirect_to(:action => 'list');
	  return;
      end
      @user = User.get_user(user_id);
      unless (@user) 
          flash[:error_msg] = "No user found";
	  redirect_to(:action => 'list');
	  return;
      end
      return @user;
  end

end
